- 3 Key Management. - 3.1 What key management issues are involved in public-key cryptography?. - 3.4 Should a public key or private key be shared among users?. - 3.5 What are certificates?. - 3.8 What is a CSU, or, How do certifying authorities store their private keys?. - 3.11 What are Certificate Revocation Lists (CRLs)?. - 3.13 What happens if I lose my private key?. - 3.14 What happens if my private key is compromised?. - 3.15 How should I store my private key?. - 3.16 How do I find someone else's public key?. - 3.18 What is a digital time-stamping service?. - 4.1 What is a one-way function?. - 4.2 What is the significance of one-way functions for cryptography?. - 4.3 What is the factoring problem?. - 4.4 What is the significance of factoring in cryptography?. - 4.6 What are the best factoring methods in use today?. - 4.7 What are the prospects for theoretical factoring breakthroughs?. - 4.8 What is the RSA Factoring Challenge?. - 4.9 What is the discrete log problem?. - 5.1 What is DES?. - 5.5 What are the alternatives to DES?. - 6 Capstone, Clipper, and DSS 6.1 What is Capstone?. - 6.2 What is Clipper?. - 6.5 What is Skipjack?. - 6.7 What is the current status of Clipper?. - 6.8 What is DSS?. - 6.11 What is the current status of DSS?. - 7.1 What is NIST?. - 7.3 What is the NSA?. - 8.1 What is the legal status of documents signed with digital signatures?. - 8.2 What is a hash function? What is a message digest?. - 8.3 What are MD2, MD4 and MD5?. - 8.4 What is SHS?. - 8.5 What is Kerberos?. - 8.6 What are RC2 and RC4?. - 8.7 What is PEM?. - 8.8 What is RIPEM?. - 8.9 What is PKCS?. - 8.10 What is RSAREF?. - 1.1 What is encryption?. - Encryption is the transformation of data into a form unreadable by anyone without a secret decryption key. - Bob decrypts the ciphertext with the decryption key and reads the message. - An attacker, Charlie, may either try to obtain the secret key or to recover the plaintext without using the secret key. - 1.2 What is authentication? What is a digital signature?. - conventional secret-key cryptosystems like DES or on public-key systems like RSA. - authentication in public-key systems uses digital signatures.. - 1.3 What is public-key cryptography?. - Traditional cryptography is based on the sender and receiver of a message knowing and using the same secret key: the sender uses the secret key to encrypt the message, and the receiver uses the same secret key to decrypt the message. - This method is known as secret-key cryptography. - The main problem is getting the sender and receiver to agree on the secret key without anyone else finding out. - If they are in separate physical locations, they must trust a courier, or a phone system, or some other transmission system to not disclose the secret key being communicated. - Secret-key cryptography often has difficulty providing secure key management.. - Public-key cryptography was invented in 1976 by Whitfield Diffie and Martin Hellman [29] in order to solve the key management problem. - In the new system, each person gets a pair of keys, called the public key and. - the private key. - Each person's public key is published while the private key is kept secret. - The need for sender and receiver to share secret information is eliminated: all communications involve only public keys, and no private key is ever transmitted or shared. - Anyone can send a confidential message just using public information, but it can only be decrypted with a private key that is in the sole possession of the intended recipient. - Furthermore, public-key cryptography can be used for authentication (digital signatures) as well as for privacy (encryption).. - Here's how it works for encryption: when Alice wishes to send a message to Bob, she looks up Bob's public key in a directory, uses it to encrypt the message and sends it off. - Bob then uses his private key to decrypt the message and read it. - No one listening in can decrypt the message. - Clearly, one requirement is that no one can figure out the private key from the. - corresponding public key.. - Here's how it works for authentication: Alice, to sign a message, does a computation involving both her private key and the message itself. - Bob, to verify the signature, does some computation involving the message, the purported signature, and Alice's public key. - A good history of public-key cryptography, by one of its inventors, is given by Diffie [27].. - 1.4 What are the advantages and disadvantages of public-key cryptography over secret-key cryptography?}. - The primary advantage of public-key cryptography is increased security:. - In a secret-key system, by contrast, there is always a chance that an enemy could discover the secret key while it is being transmitted.
Xem thử không khả dụng, vui lòng xem tại trang nguồn hoặc xem
Tóm tắt